9.3.0 and DNS REQUEST

Barry Margolin barmar at alum.mit.edu
Fri Nov 12 05:04:44 UTC 2004

In article <cn0ug3$v5h$1 at sf1.isc.org>,
 "J.D. Bronson" <jbronson at wixb.com> wrote:

>   I have noticed that some spammers have been trying to grab all my zone
>   information (But not a XFR)...and the cisco IDS box I have logs this:
>   I can duplicate this:
>   #nslookup
>     server dns1.domain.com
>     set q=any
>     domain.com
>   and as expected the entire DNS record is presented.

That shouldn't return all the zone information, it should just return 
the records for domain.com itself.

>   Is there any way to stop this within BIND? - I can DROP the packet using
>   IDS on the Cisco, but my 3rd DNS server is located in a system that I
>   cannot do this in...

ANY queries are very common.  sendmail sends them to get the MX and A 
record for your domain in one shot.

Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

More information about the bind-users mailing list